Hi all,
In my IPA 4.4 lab (RHEL 7.3), I'm trying to install/configure a new replica,
and I seem to be hitting something similar to #5412 [1].
The 'ipa-replica-install' is getting stuck on:
[4/26]: creating installation admin user
Dirsrv error logs on the new replica:
On 16/11/2016 16:46, dan.finkelst...@high5games.com wrote:
I've seen some discussion in the (distant) past about disabling
anonymous binds to the LDAP component of IPA, and I'm wondering if
there's a preferred method to do it. Further, are there any known
problems with disabling anonymous
Hello.
This morning I've tried to upgrade my IPA server, but the upgrade failed,
and now the service doesn't start! :(
If I try to launch the upgrade manually this is the output:
[root@mlv-ipa01 download]# ipa-server-upgrade
Upgrading IPA:
[1/8]: saving
On 11/17/2016 12:09 PM, Morgan Marodin wrote:
Hello.
This morning I've tried to upgrade my IPA server, but the upgrade
failed, and now the service doesn't start! :(
If I try to launch the upgrade manually this is the output:
[root@mlv-ipa01 download]# ipa-server-upgrade
Upgrading IPA:
On Thu, Nov 10, 2016 at 07:19:09PM +0800, Matrix wrote:
> Hi, Sumit
>
> I have checked, and did not find anything more:
>
> error logs from /var/log/dirsrv/slapd-EXAMPLE-NET/access:
> ...
> [10/Nov/2016:10:46:58 +] conn=816560 fd=189 slot=189 connection from
> 10.2.3.32 to 10.2.1.250
>
Excellent - thanks.
I was missing some forward statements for a few private segments.
Venlig hilsen
Bjarne Blichfeldt
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek
Sent: 16. november 2016 14:36
To:
Sean Hogan wrote:
> Hi Jakub,
>
> I ended up re-enrolling the box and it is behaving as expected except I
> am not getting a host cert. Robert indicated auto host cert no longer
> avail with rhel 7 but using the --request -cert option on enroll to get
> a host cert if I wanted one. I did so and
Brian Candler wrote:
> On 16/11/2016 16:46, dan.finkelst...@high5games.com wrote:
>> I've seen some discussion in the (distant) past about disabling
>> anonymous binds to the LDAP component of IPA, and I'm wondering if
>> there's a preferred method to do it. Further, are there any known
>>
Morgan Marodin wrote:
> Hi Florence.
>
> Thanks for your support.
>
> Yes, httpd is using /etc/httpd/alias as NSS DB. And it seems that all
> permissions and certificates are good:
> [root@mlv-ipa01 ~]# ls -l /etc/httpd/alias/
> total 184
> -r--r--r-- 1 root root 1345 Sep 7 2015 cacert.asc
>
Hi Florence.
Thanks for your support.
Yes, httpd is using /etc/httpd/alias as NSS DB. And it seems that all
permissions and certificates are good:
[root@mlv-ipa01 ~]# ls -l /etc/httpd/alias/
total 184
-r--r--r-- 1 root root 1345 Sep 7 2015 cacert.asc
-rw-rw 1 root apache 65536
Hi.
I've tried to delete and reimport only the *Server-Cert* certificate (I've
a copy of the original folder).
But a strange behaviour occurred:
# certutil -L -d /etc/httpd/alias -n Server-Cert -a > /tmp/Server-Cert.crt
# certutil -D -d /etc/httpd/alias -n Server-Cert
#
William Muriithi writes:
> I just noticed that I used an inappropriate way of setting up my hosts
> files and I am planning to make a fix. I am however worried this may
> break Kerberos. Should this change be of concern and has anyone made
> the changes before?
It
Afternoon.
I just noticed that I used an inappropriate way of setting up my hosts
files and I am planning to make a fix. I am however worried this may
break Kerberos. Should this change be of concern and has anyone made
the changes before?
My current /etc/hosts are as follows:
192.168.20.2
On 11/17/2016 04:51 PM, Morgan Marodin wrote:
Hi Rob.
I've just tried to remove the group write to the *.db files, but it's
not the problem.
[root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
NSSNickname Server-Cert
I've tried to run manually /dirsrv.target/ and
Hi Robert,
No I did not cut it off there was no reason listed.. that was the last
line about the issue.
I did find this to be my issue however
https://bugzilla.redhat.com/show_bug.cgi?id=1262718 ... having our sat guys
see if they can pull the new selinux policy packages as I do not see
Morgan Marodin wrote:
> Hi Rob.
>
> I've just tried to remove the group write to the *.db files, but it's
> not the problem.
I didn't expect it to be but you don't want Apache having write access
to your certs and keys.
> [root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
>
Hi.
I've upgraded all packages of my distribution, not only ipa packages.
There were a lot of packages.
[root@mlv-ipa01 ~]# rpm -q mod_nss
mod_nss-1.0.14-7.el7.x86_64
All other checks seem ok:
[root@mlv-ipa01 ~]# certutil -V -u V -d /etc/httpd/alias -n Server-Cert
certutil:
Sean Hogan wrote:
> Hi Robert,
>
> No I did not cut it off there was no reason listed.. that was the
> last line about the issue.
>
> I did find this to be my issue however
> https://bugzilla.redhat.com/show_bug.cgi?id=1262718 ... having our sat
> guys see if they can pull the new selinux
Hi Guys..
Sorry to bug ya again.. so looks like the selinux packages are not back
ported to 7.1 as I only have selinux-policy-3.13.1-23.el7_1.21.noarch as an
option
Setting the contexts manually to /etc/ipa/nssdb
Original
[root@server2 ipa]# ls -dZ nssdb
drwxr-xr-x. root root
Hi Rob.
I've just tried to remove the group write to the *.db files, but it's not
the problem.
[root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
NSSNickname Server-Cert
I've tried to run manually *dirsrv.target* and *krb5kdc.service*, and it
works, services went up.
The same for